Technical Analysis of Copybara

Aug. 22, 2024, 6:52 p.m.

Description

This report presents a comprehensive technical analysis of a newly discovered variant of the Copybara Android malware. The malware, which emerged in November 2021, is primarily spread through voice phishing attacks. It utilizes the MQTT protocol for command-and-control communication and abuses Android's Accessibility Service to exert control over infected devices. The malware downloads phishing pages mimicking cryptocurrency exchanges and financial institutions to steal user credentials. The analysis covers 59 supported commands with detailed functionality descriptions, providing valuable insights into the malware's capabilities.

Date

Published: Aug. 22, 2024, 6:16 p.m.

Created: Aug. 22, 2024, 6:16 p.m.

Modified: Aug. 22, 2024, 6:52 p.m.

Indicators

Attack Patterns

Copybara

T1600.001

T1592.001

T1600

T1592.002

T1548.002

T1537

T1583

T1548

T1530

T1497

T1518.001

T1518

T1496

T1498

T1592